[Pkg-mozext-maintainers] Bug#741261: Bug#741261: enigmail: fails to recognize private keys for different accounts, asks for all private keys passphrases
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Mar 11 13:53:45 UTC 2014
Control: tags -1 + moreinfo
On 03/10/2014 10:28 AM, dpdt1 wrote:
> i have 7-8 private keys in my gpg keyring, 3 of those just for email accounts.
> when i decrypt with default key(set in gpg.conf) everything's all right. when i
> try to decrypt another account, gpg-agent asks for all other private
> keys/subkeys' passphrases, until it reaches the particular one.. and not
> asking for that particular one in the first place.. that's really annoying on
> tb/enigmail since i get 8 pop-ups asking for different passphrases every time...
> i've set mail accounts to use specific key for those, and see no difference..
> still asking passphrase for all of them...

You seem to be asking about decryption specifically, and not signing. i
think that makes sense, i'm just double-checking to make sure, since
there are two operations enigmail is capable of doing with a secret key.

The choice of which key to use for decrypting any given message is based
on the PK-ESK OpenPGP packet stored in the message itself:

Normally, this packet contains the OpenPGP keyID of the target to whom
the message is encrypted, but some people use a keyID of
0x0000000000000000 to hide the target (this is done by enigmail by
default when Bcc'ing someone on a message, and some people make it
happen by default by adding "throw-keyids" to ~/.gnupg/gpg.conf, using
--hidden-recipient arguments, or other gpg options).

When the keyID is hidden like this, gpg just tries all secret keys.
Perhaps this is what is happening for you? You can find out, for any
given message, by choosing "view source" on any given message, and then
pasting the source into "gpg --list-packets". If there is a hidden
keyid, you'll see:

  :pubkey enc packet: version 3, algo 1, keyid 0000000000000000

I agree this is super annoying, but i'm not sure that enigmail is the
place to fix it, or how you would fix it in enigmail as well. Maybe you
can ask your correspondents not to hide your keyid when they send you mail?

> i thought it was a problem with gpg-agent and maybe it is (?), but other apps
> recognize correctly each key and ask only for that passphrase....

which other apps? decrypting what sort of data?
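
Added example, not part of the original message and not enigmail or GnuPG code: a small Python reader for the PK-ESK packets at the front of an OpenPGP message (packet framing per RFC 4880), reporting each keyid and flagging the all-zero keyid discussed above. The function names and the sample bytes are constructed for this illustration.

```python
import base64

def dearmor(text):
    """Binary packets from an ASCII-armored message (as pasted from view source)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]    # armor headers end at the first blank line
    return base64.b64decode("".join(l for l in body if l[:1] not in ("=", "-")))

def read_header(buf, pos):
    """Decode the packet header at pos (RFC 4880 4.2): (tag, body_start, body_len)."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None         # partial body length (data packets only)
    tag, ltype = (first >> 2) & 0x0F, first & 3   # old-format header
    if ltype == 3:
        return tag, pos + 1, None         # indeterminate length
    n = 1 << ltype                        # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def pkesk_recipients(buf):
    """(keyid, pubkey_algo, hidden) for each PK-ESK packet ahead of the encrypted data."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if length is None or tag not in (1, 3):   # 1 = PK-ESK, 3 = passphrase ESK
            break
        body = buf[start:start + length]
        if tag == 1:
            if len(body) < 10 or body[0] != 3:
                raise ValueError("truncated or non-version-3 PK-ESK packet")
            keyid = body[1:9].hex().upper()
            out.append((keyid, body[9], keyid == "0" * 16))  # all-zero keyid = hidden
        pos = start + length
    return out

# Constructed sample: one addressed recipient, one hidden one, then a dummy data packet.
SAMPLE = (bytes([0xC1, 13, 3]) + bytes.fromhex("1122334455667788") + bytes([1, 0, 8, 0xAB])
          + bytes([0x84, 13, 3]) + bytes(8) + bytes([1, 0, 8, 0xCD]) + bytes([0xD2, 2, 1, 0]))
if __name__ == "__main__":
    print(pkesk_recipients(SAMPLE))
```

A message whose list contains an entry with the hidden flag set is one for which gpg has no keyid to match against and falls back to trying each secret key.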